Training Documents

• Patch Management Lab Tutorial Supplement
• Patch Management Slides for Lab Tutorials

• You will find the training documents for this course below this training video (at the very bottom of the page)

• No trial accounts are provided for this course, all labs are simulated
Play Lab Tutorials

Navigate to the following URL to view the “Configure Agents for VMDR” tutorial (15 steps / 3 mins):

http://ior.ad/7bze
http://ior.ad/7bZE

• Click to open Lab Tutorial.
• Maximize Screen
• Click Start Button
• Introduction to Qualys Patch Management (PM)
• PM Activation & Setup
• PM Application Overview
• PM Deployment Job
• Prioritized Products
• Patching from VMDR and VM
• Zero-Touch Vulnerability Remediation
• Uninstall Job
• Patch Catalog
• PM Assets
• Certification Exam
Introduction

Qualys Patch Management

• Automatically correlates discovered vulnerabilities with their required patches
• Leverages existing Qualys Cloud Agents to deploy and uninstall patches
• Provides OS and application patches, including patches from third-party software vendors (e.g., Adobe, Java, Google, Mozilla, Microsoft, etc.)
Qualys Patch Management

• Available for Windows, CentOS 6/7, and RHEL 6/7/8
• Provides patching just about anywhere an Internet connection is available (e.g., airports, coffee shops, remote offices, etc.)
• Qualys Agents determine which patches are missing or required and can identify superseded patches
• Build patch jobs that target specific vulnerabilities, severity levels, and known threats
Qualys VMDR Lifecycle

[Figure: Qualys VMDR lifecycle diagram. Surviving labels: Asset Inventory; Vulnerability & Config Assessment; Threat Risk and Prioritization; Management.]
Patch Sources

• Windows patches are downloaded from vendor global CDNs (e.g., Oracle, Adobe, Microsoft, Apache, Google, etc.)
• Linux patches are downloaded from the configured YUM repository
• Qualys Gateway Server (QGS) can be used as a local repository
• Patch downloads requested by one agent are cached on QGS and made available “locally” for other agents that need the same patch
• QGS also provides a cache for manifests and agent binaries
Activation & Setup

Qualys, Inc. Corporate Presentation

Qualys Patch Management uses the Qualys Cloud Agent for deploying patches
Qualys PM Workflow

1. Install Cloud Agent on target host
2. Assign target agent host to a CA Configuration Profile that has PM enabled
3. Activate PM module on target agent host
4. Assign PM license to the host
5. Assign target agent host to a PM Assessment Profile (optional)
6. Configure patch deployment job
Activation Key

[Screenshot: “New Activation Key” dialog (“Create a new activation key”). Title: “Patch Management Key”; Static Tag: “PM Enabled”. “Provision Key for these applications” lists CyberSecurity Asset Management, Vulnerability Management, Patch Management and Policy Compliance, each with its remaining activations.]

On-screen text: An activation key is used to install agents. This provides a way to group agents and better manage your account. By default this key is unlimited - it allows you to add any number of agents at any time.

• As a best practice, assign a static tag when creating an Activation Key
• Create a new activation key or update existing key with Patch Management

Configuration Profile

[Screenshot: “Configuration Profile Edit” page in Edit Mode. Sections: General Info, Blackout Windows, Performance, Assign Hosts, VM Scan Interval, PC Scan Interval, SCA Scan Interval, Patch Management. The Patch Management section has the setting “Enable PM module for this profile” and, under “Configuration” (“These settings define operational setting for the agent”), “Cache size” (cache size for downloaded patches) set to 2048 MB, with an allowed range of 512 - 10240 MB or “Unlimited”.]

• Assign target hosts to CA Configuration Profile that has PM enabled.
• Set “Cache size” to at least 2048 MB, to accommodate Windows Updates.
Activate PM Module for Target Host

• Select the PM […] Activation Key, before and after agent deployment.
• Use the “Quick Actions” menu to activate PM for any agent host or use the Qualys Cloud Agent API.

[Screenshot: “Provision Key for these applications” list, and an agent host's “Quick Actions” menu: Add Tags, Assign Config Profile, Activate Agent, Deactivate Agent, Uninstall Agent, Activate for FIM or EDR or PM or SA.]
Lab Tutorial 1


PM Activation & Setup — Page 3 


10 min. 
Application Overview

Patch Management UI

Tabs: DASHBOARD, PATCHES, ASSETS, JOBS, CONFIGURATION

• CONFIGURATION - Configure the frequency at which patch assessments are performed and allocate patching licenses.
• JOBS - Deploy and/or uninstall specific patches for targeted groups of host assets using one or more PM Jobs.
• ASSETS - List of agent host assets with the PM module activated.
• PATCHES - Catalog containing application and OS patches.
• DASHBOARD - Contains “widgets” that monitor important patch statistics.
Patch Assessment Profile

[Screenshot: CONFIGURATION tab, “Assessment Schedule” setting, with “Scan every” set to 4.]

On-screen text: Define the interval at which you want the cloud agent to collect patch information from the assets associated with this profile. This is synchronized with agent behavior. Scan interval is applicable only for the licensed assets. The default scan interval for the unlicensed assets will be 24 hrs.

• Specifies frequency of patch assessment scans, which assess agent host assets for missing and/or installed patches.
Configuration: Assessment Profile

[Screenshot: CONFIGURATION tab, “Configuration Profiles” list with a “Create Profile” button. Profiles shown: “Default Assessment Profile” (System Profile, every 4 hours) and “PM Lab Assessment Profile” (every 24 hours, tag “PM Lab”).]

• If you do not create one or more Assessment Profiles, the System Profile will be used (by default).
• Assessment scans identify the missing and installed patches for an agent host.
Configuration: License Consumption

[Screenshot: “License Consumption” page for Patch Management (Type: TRIAL; Licenses Purchased: 3). Under “Select assets for patch management”, the “PM Lab” tag is chosen under “Include Assets Tags”, with an “Add Exclusion Asset Tags” check box below.]

On-screen text: Select asset tags to include or exclude for patch management. Total Consumption counter shows the number of licenses used based on the number of matching assets contained in the included asset tags.

• Only agent host assets will consume patching licenses.
• Use Asset Tags to specify which agent host assets are eligible for patching.
• Use the “Exclusion” check box to restrict patching on targeted assets.
Deployment Job

Deployment job

• Use asset tags as targets for patch deployment jobs
• As a recommended practice, create and use test asset tags for deployment
• Once verified, clone the deployment job and include production asset tags
Deployment job

[Screenshot: Patch Management JOBS tab (Windows), with the create-job menu offering “Deployment Job” and “Uninstall Job” above a list of existing jobs showing STATUS, OWNER and SCHEDULE.]

• Create a patch deployment job
Deployment job — Basic Information

[Screenshot: “Create: Windows Deployment Job”, step 1 of 9. Steps: Basic Information, Select Assets, Select Pre-actions, Select Patches, Select Post-actions, Schedule, Options, Job Access, Confirmation.]

On-screen text: Create this deployment job by selecting assets and patches to be installed. Also, define options you want to display as reminders.

Title for your job: Patch Windows HQ Servers
Description: This job will deploy patches on Windows HQ servers on Saturday, 25 September 2021

Deployment job — Select Assets

[Screenshot: “Create: Windows Deployment Job”, step 2 of 9, “Select Assets” (“Select the assets you want this job to deploy patches on.”). Two assets are selected (WIN12R2-97-149 and WIN2012-205), and hosts that have any of the selected tags (“Cloud Environments”) are included. “Add Exclusion Assets” and “Add Exclusion Asset Tags” check boxes are available.]

• Add assets to patch job
• Add asset tags to patch job
Deployment job — Pre and Post Actions

[Screenshot: “Select Pre-Actions” (“Select an action that you want to execute on assets before the job starts.”). Action choices: Run Script, Install Software. Fields: Script Name, Custom Script (20480/20480 characters remaining).]

• Configure action to execute before job starts
• Run a PowerShell script or install software
Deployment job — Select Patches

[Screenshot: “Create: Windows Deployment Job”, step 4 of 9, “Select Patches”, with two options: “Manual Patch Selection” (“Select manually from the available list of patches.”) and “Automated Patch Selection” (“Define QQL to automatically identify patches to remediate current and future vulnerabilities every time the job runs.”). Manual Patch Selection is chosen; the page shows “There are no patches selected” and a “Take me to patch selector” link.]

• Use patch selector
• Select patches using QQL query

Deployment job — Manual Patch Selector

[Screenshot: “List: Patch Selector” with the query vendorSeverity:'Critical' and category:'Security Patches', returning 209 patches (1-50 of 209 shown) and an “Add to Job” action. Columns: PATCH TITLE, PUBLISHED DATE, BULLETIN, KB, CATEGORY, QID, VENDOR SEVERITY, CVE. Filters on the left: Within Scope, SUPERSEDED, APP FAMILY (Windows, Firefox, Chrome, Internet Explorer), VENDOR (Microsoft, Mozilla Foundati..., Google).]

• View patches within scope of selected assets
• Use queries to narrow selections
• Use filters to narrow selections

Deployment job — Automated Patch Selector

[Screenshot: “Create: Windows Deployment Job”, step 4 of 9, “Select Patches”, with “Automated Patch Selection” chosen and the patch query vendor:Microsoft and vendorSeverity:Critical.]

Note (on screen): For optimum performance, only missing and non-superseded patches that match the QQL criteria will be added to the job.

• Select patches using QQL query
• Use a query to select patches

Deployment job — Schedule Deployment

[Screenshots: “Schedule Deployment” step of “Create: Windows Deployment Job”, shown once with “On Demand” and once with “Schedule” selected (fields: START DATE, START TIME, TIMEZONE), each with a “Patch Window” setting of “None” or “Set Duration”.]

On-screen text:
Schedule the deployment job to run on demand or in the future.
On Demand: The deployment job will run once enabled.
Schedule: Schedule the deployment job to run at a set time.
Timezone: By default the system will use the agent timezone.
Patch Window: You can configure a patch window to run the deployment job only within a particular time frame.
Note: Not setting the patch window will allow the cloud agent to take as much time as it needs to complete the job.

• Deploy patches on-demand or schedule for later
• Set to None to allow Qualys the time needed to complete the job
• Set duration for on-demand job
• Run jobs “on demand” or schedule them to run at regular frequencies.
Opportunistic Patch Download

[Screenshot: “Additional Job Settings”]
Enable opportunistic patch download: The agent attempts to download patches before a scheduled job runs.
Minimize job progress window: Allow end-users to minimize message windows.

• You can “Enable opportunistic patch download” to allow agents to download required patches prior to the start of a scheduled job.
Patch Window

[Screenshot: “Patch Window” setting with “Set Duration” selected and a patch window of 6 Hours.]

On-screen text: You can configure a patch window to run the deployment job only within a particular time frame. Note: Setting this will restrict the agent to complete the job within the specified patch window (e.g., start time + 6 hrs). The job gets timed out outside this window.

• A job will display the “Timed out” status if the patch installation does not start within a specified patch window.
• Select the “None” option to give patch jobs an unlimited amount of time.
Communication Options

Deployment and Reboot Communication Options

On-screen text: Define user (recipient) patch deployment communication and reboot warning messages to encourage and educate the user about patch installment and the reboot cycle.

Deployment messages
  Pre-Deployment: Display message to users before patch deployment starts. (If no user is logged in, deployment process starts per job schedule)
  Deployment in Progress: Display message to users while patch deployment is in progress.
  Deployment Complete: Display message to users when patch deployment is complete.

• Choose the type of “Deployment and Reboot Communication Options” for each Deployment Job.
Communication Options

Reboot messages
  Suppress Reboot: Asset reboot is suppressed and users are not prompted for reboot post patch installation.
  Reboot Request: Show a message to users indicating that a reboot is required. (If no user is logged in, the reboot will start immediately after patch deployment)
  Reboot Countdown: Show countdown message to users after deferment limit is reached.
Host “Pop-Up” Messages

• “Pre-Deployment” and “Reboot Request” messages can be configured with deferment options.

[Screenshots: Qualys Patch Management pop-up windows on the host: Pre-Deployment Message, Deployment in Progress, Deployment Complete Message, Reboot Request Message.]
PM Processes & Executables

[Screenshot: Windows Task Manager, Processes tab, showing the “Qualys Cloud Agent” and “Qualys Cloud Agent UI” processes.]

• When patching is active on a Windows host, patching messages and notifications are managed by the “Qualys Cloud Agent UI” process (QualysAgentUI.exe)
• ‘stdeploy.exe’ is the name of the patching executable.
Job Status

[Screenshot: JOBS tab listing two install jobs, “.Net Job” (On-demand, Oct 20, 2019) and “Adobe Job” (Once, 1:00 PM, Oct 28, 2019), with a “View Details” action.]

View Job Status:

• Enabled — Job is presently active.
• Disabled — Job is presently inactive.
• Completed — Job has completed.
View Job Progress

[Screenshot: per-asset job progress on Oct 28, 2019: WS2016DFW242 (Microsoft Windows Server 2016) is Pending; WS2012EVAL206 (Microsoft Windows Server 2012 R2) and WS2016DFW251 (Microsoft Windows Server 2016) are Completed.]
Job Status

Status                 Description
Canceled - Blackout    Patch deployment job is canceled on the asset due to blackout window
Completed              Patch deployment job is completed on the asset
Downloaded             Patch file is successfully downloaded on the asset
Downloading - failed   Patch failed to download on the asset
Not licensed           Job manifest cannot be sent as the asset does not have PM license
Job started            Agent has started the job
Job resumed            Asset is restarted and agent has resumed the job
Job failed             Agent encountered an error while executing the job
Patching               Patch job is running on the asset
Pending                Patch job is pending for execution on the asset
Pending reboot         Reboot activity is pending for the asset
Rebooted               Asset is restarted after patch installation
Timed out              Job is timed out
[Screenshot: JOBS tab (Windows) with a job selected and the “Actions” menu open: View Details, View Progress, Edit, Change Job Owner, Delete, Enable, Disable, Clone.]

• Clone an existing job

Lab Tutorial 2

PM Deployment Job — Page 6

10 min.
Session Break


30 min. 
Prioritized Products

Prioritized Products

• Focus on products in your environment that are important to patch on a regular basis
• Prioritizes products that introduce the most vulnerabilities from the last 2 years
• Helps answer the question — which products should I patch first?
• Create a zero-touch recurring deployment job targeting products with most vulnerabilities
Prioritized Products

[Screenshot: “Prioritized Products” report listing app families (Windows, Chrome, Firefox, Edge, Java) with a VULNERABILITIES count for each.]

On-screen text: This report enables you to view the total number of product vulnerabilities (active and fixed) detected in your environment over the last 2 years.

• Products that introduce most vulnerabilities
• Filter by asset tags
• Sorted by total vulnerabilities
Prioritized Products

[Screenshot: “Prioritized Products” report with products selected and the “Actions” menu open: View Related Patches, Create Job using Query.]

• View patches related to chosen products
• Create deployment job for chosen products


Prioritized Products

[Screenshot: “Create: Windows Deployment Job”, step 4 of 9, “Select Patches” (“Choose the patches you want to install for the selected assets or create a query to automate the job.”), with “Automated Patch Selection” chosen and the patch query appFamily:'Windows' or appFamily:'Internet Explorer'.]

Note (on screen): For optimum performance, missing and non-superseded patches that match the QQL criteria will be added to the job.

• Query is automatically built based on chosen products

Lab Tutorial 3

Prioritized Products — Page 11

10 min.
Patching from VMDR and VM

VMDR Prioritization Report

• Identify vulnerabilities that pose the maximum risk to your business
• Correlate vulnerability information with threat intelligence and asset context
• Identify patches required to fix high risk vulnerabilities
• Reduce remediation time with the integrated patch management workflow and zero-touch patching
VMDR Prioritization

[Screenshot: “VMDR Prioritization” report with “Export to Dashboard” and “Save & Download” buttons. Asset Tags: Cloud Agent. Prioritization options: Age (Detection | Vulnerability), Real-Time Threat Indicators (RTI) (Match Any | Match All) and Attack Surface. RTIs shown: High Data Loss, High Lateral Movement, Wormable, Denial Of Service, Patch Not Available, Privilege Escalation, Unauthenticated Exploitation, Remote Code Execution, Active Attacks, Malware, Zero Day, Exploit Kit, Public Exploit, Predicted High Risk, Easy Exploit, Ransomware. Attack Surface options shown: Not Mitigated by Configuration, Remotely Discoverable Only, Internet Facing Only. The report is run with “Prioritize Now”.]

• Assets to prioritize
• Prioritize vulnerabilities by age
• Prioritize based on RTIs
• Prioritize by Attack Surface
VMDR Prioritization

[Screenshot: “VMDR Prioritization” results with the panels Prioritized Assets, Prioritized Vulnerabilities, Available Patches and Details, and a “Patch Now” button. The Vulnerabilities list (1-50 of 161, with a “Show Only Patchable” option) has columns CVE, TITLE, QID, TOTAL HOSTS; rows shown include CVE-2021-40444 (Microsoft MSHTML Remote Code Execution (RCE) Vulnerability, QID 91814, 23 hosts) and CVE-2021-34527 (Microsoft Windows Print Spooler Remote Code Execution Vulnerability (PrintNightmare)).]

• Patch all vulnerabilities
• Select vulnerabilities for patching


Vulnerabilities Section

[Screenshot: VMDR VULNERABILITIES tab with the query vulnerabilities.vulnerability.os:windows (1-50 of 6544). Two vulnerabilities are selected and the “Actions” menu offers “View Missing Patches”. Columns include SEVERITY, LAST DETECTED, FIRST DETECTED and ASSET.]

• View missing patches for selected vulnerabilities


Vulnerabilities Section

[Screenshot: Patch Management “Patch Catalog” (Windows) opened with a query built from the selection, containing qid: [90698] and an agentId filter. “Actions” menu: View Details, Add to Existing Job, Add to New Job, Remove Patch. Patches listed: MS11-025 / KB2538243 (Apr 12, 2011) for x86 and x64.]

• A query is built based on your vulnerability selections
• Apply missing patches causing vulnerabilities
Zero Touch Vulnerability Remediation

Zero Touch Patching

• Update endpoints and servers proactively as soon as patches are available
• Remediate new vulnerabilities even before security teams run scans
• Automate patching of vulnerabilities based on the vulnerability RTI
• Can be initiated from “VMDR Prioritization” report or the “Prioritized Products” report
Zero Touch Patching

[Screenshot: “VMDR Prioritization” results with the “Patch Now” menu open, offering “Zero-Touch Patch Job”. The Patches panel shows Windows Patches: 82 (“View Missing Windows Patches”) and Linux Patches: 15 (“View Missing Linux Patches”).]

• Initiate zero-touch patch job


Zero Touch Patching

[Screenshot: “Create: Windows Deployment Job”, step 4 of 9, “Select Patches”, with “Automated Patch Selection” chosen (“Define QQL to automatically identify patches to remediate current and future vulnerabilities every time the job runs.”). The Vulnerability query shown begins (vulnerabilities.vulnerability:(threatIntel.malware:True or threatIntel.activeAttacks:T... and is cut off in the screenshot.]

Note (on screen): For optimum performance, only missing and non-superseded patches that match the QQL criteria will be added to the job.

• QQL is automatically populated from the prioritization report

Lab Tutorial 4

Patching from VM and VMDR - Page 13
Zero-Touch Patch Job — Page 14

10 min.
Uninstall Job

Patch Jobs

[Screenshot: JOBS tab with the create-job menu offering “Deployment Job” and “Uninstall Job”.]

• Uninstall jobs are created exclusively in the Patch Management application.
• The workflow for creating uninstall jobs is very similar to deployment jobs.
Uninstall or “Rollback”

[Screenshot: patch list filtered with the query isRollback: true (1-10 of 10). Patches shown include KB4565635, KB4565588 and KB4557900.]

• Only “rollback” patches are displayed when creating an uninstall job.
• Not all patches can be uninstalled.
Lab Tutorial 5


Uninstall Job — Page 16 


10 min. 
Patch Catalog

[Screenshot: PATCHES tab (Windows) with the query category:'Non-Security Patches' (1-50 of 569) and a “Prioritized Products” link. Columns: PUBLISHED DATE, ARCHIT, BULLETIN / KB, CATEGORY, VENDOR SEVERITY and PATCH STATUS (MISSING, INSTALLED). “Actions” menu: View Details, Add to Existing Job, Add to New Job, Remove Patch.]

• Download list of patches
• Create patch job from the “Patches” tab


Catalog’s Default Display Filters

Default view shows:
• Missing patches
• Non-superseded patches

Use filters to view:
• Missing and installed
• Superseded patches

[Screenshot: PATCHES tab “Filters” menu with the options “Missing patches”, “Installed” and “Only Latest Patches (Non-superseded)”, above a list of Google Chrome patches (CHROME-210924).]
Linux Patches

[Screenshot: Patch Catalog, Linux view: 2.79K total patches (1-200 of 2786). Search filters on the left: OS (RHEL6, RHEL7) and VENDOR SEVERITY (Important, Moderate, Critical, Low). The rows shown are all in the Security category with vendor severity Important, published between Jul 05, 2021 and Jul 25, 2021.]

Advisories shown:
RHSA-2021:2881: thunderbird security update
RHSA-2021:2845: java-1.8.0-openjdk security and bu...
RHSA-2021:2726: kernel-rt security and bug fix update
RHSA-2021:2784: java-11-openjdk security update
RHSA-2021:2727: kpatch-patch security update
RHSA-2021:2741
RHSA-2021:2683
RHSA-2021:2658: linuxptp security update

• Filters are not applied to Linux patches.
• Search for Linux patches by OS and Vendor Severity.
• Default filters are NOT applied when viewing Linux patches.


Acquire From Vendor 


[Screenshot: Patch Catalog search using the query token downloadMethod:AcquireFromVendor.]


• Patches identified with the “key-shaped” icon cannot be downloaded by Qualys’ Cloud Agent.


Uninstall or “Rollback” Patches 


[Screenshot: Patch Catalog search using the query token isRollback:true, returning 10 patches.]


isRollback:true /* patches that can be uninstalled */ 
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Add Patches to Existing Jobs 


[Screenshot: "Add Patches: Existing Deployment Jobs" dialog with JOB NAME and SCHEDULE columns. Jobs listed: Recurring Job (Every 30th day of the ...), Scheduled - Run Once (Once, Oct 23 2020 9:3...), and On Demand (On-demand).]


• Additional patches can be added to any deployment job before it is enabled.
• Additional patches can be added to a “recurring” job both before and after it is enabled.
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Lab Tutorial 6 


Patch Catalog — Page 18 


10 min. 
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Assets 
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PM Assets 


[Screenshot: ASSETS tab. Columns: STATUS, ASSET NAME, OS, LAST USER, PATCHES (MISSING, INSTALLED), and TAGS. All assets have been successfully scanned.]


• Displays host assets with the PM module activated.
• A successful assessment scan will also display the number of MISSING and INSTALLED patches.


Quick Actions 


[Screenshot: ASSETS tab with the "Quick Actions" menu open on an asset row. Menu items: View Details, Add to Existing Job, Add to New Job.]


• Use the “Quick Actions” menu to view asset details, add assets to an existing job, or add assets to a new job.


Add Assets to Existing Jobs 


[Screenshot: "Add Assets: Existing Deployment Jobs" dialog with JOB NAME and SCHEDULE columns. Jobs listed: Recurring Job (Every 30th day of the...), Scheduled - Run Once (Once, Oct 23 2020 9:3...), and On Demand (On-demand).]


• Additional assets can be added to any deployment job before it is enabled.
• Additional assets can be added to a “recurring” job both before and after it is enabled.
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Lab Tutorial 7 


Assets — Page 20 


10 min. 
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Training Survey and Certification Exam 


Training Survey: https://forms.office.com/r/rsyOAja6Xz 


Certification Exam: https://qualys.com/learning 


© Qualys. 


PM Certification Exam 


Participants in this training course have the option to take the PM Certification 
Exam: 


• 30 multiple choice questions.
• Answer 75% of the questions correctly to receive a passing score.
• Candidates will receive 5 attempts to pass the exam.
• You may use the PM presentation slides and lab tutorial supplement to help you answer the exam questions.
• You may also use the “Help” menu (in the Qualys UI) to answer exam questions.




Thank You 


training@qualys.com 
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